• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 489

How to join a Windows 2008 server to a Windows 2003 domain / controller over a site-2-site VPN connection?

Hello,
I need to join a Windows Server 2008, currently a member of a workgroup in our data center, to my domain. We have a site-2-site VPN tunnel. I can ping the server from my domain controller, and the server in the workgroup can ping the domain controller. When I try to join the server in the workgroup, I am receiving this message:
**********
The following error occurred when DNS was queried for the service location (SRV) resource record used to locate an Active Directory Domain Controller for domain nexxofinancial.local:
The error was: "This operation returned because the timeout period expired."
(error code 0x000005B4 ERROR_TIMEOUT)
The query was for the SRV record for _ldap._tcp.dc._msdcs.xxxx.local
The DNS servers used by this computer for name resolution are not responding. This computer is configured to use DNS servers with the following IP addresses:
xx.3.1.xx
1xx.1xx.0.xxx
Verify that this computer is connected to the network, that these are the correct DNS server IP addresses, and that at least one of the DNS servers is running.*******

Any idea as to what the problem could be?
Thank you.

For more information on how to correct this problem, click Help.******
Sean
 
emilgas commented:
Make sure you set the DNS correctly. I bet you the IP for the DNS server that is set on that 2008 machine is automatically obtained from the router, which doesn't have a clue about the Active Directory on the other side of the VPN tunnel.
So your task would be to manually set the DNS and even the IP address on that server to point to the DNS servers that are located on the other side of the VPN.

And for the future, if you are going to add computers to that same domain, you might as well modify your DHCP server to give out the proper DNS servers instead of the default ones.

Sean (author) commented:
emilgas,

The server 2008 in the work-group has a static IP, and the primary DNS is set to the IP address of the Windows 2003 domain controller. That is what is so strange about the error message.

Thank you

arnold commented:
Make sure the site-to-site VPN is up and active prior to starting the process.

Make sure that only the 2003 DNS is in the TCP/IP configuration.
Can the win2k8 system browse the internet?
This will confirm whether the win2k8 can query the DNS server on the 2003 via the VPN connection.

If the win2k8 cannot browse the internet with only the win2k3 DC referenced in the DNS, that might suggest that either the requests are not making it to the win2k3 or the responses are not making their way back.

Can the win2k8 ping the win2k3 by IP?
 
arnold commented:
What are the IP segments on each side?
Trying to make sure you do not have an IP overlap or identical IPs used at both locations (covering the mundane just in case).

Sean (author) commented:
The issue was the firewall ports. Once the required ports were opened, I was able to add the server to the domain.
Thank you all for your help.
Much appreciated.

emilgas commented:
Sometimes you just need a little bit of help to get your thinking going.

Sean (author) commented:
A little more work was required to make things work.
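The checks this thread works through (the SRV lookup from the error message, then reachability of the DC across the tunnel) can be run from the server being joined; this is an added PowerShell example, not part of the original thread. The domain name and DC address are placeholders, and the port list is an assumption: the thread does not say which ports were opened, so the commonly documented TCP ports for a domain join are used.

```powershell
# Added example, not from the thread. Replace the placeholders before running.
$Domain = 'example.local'   # placeholder: AD DNS domain name
$DcIp   = '192.0.2.10'      # placeholder: IP of the Windows 2003 DC / DNS server

# Assumption: commonly documented TCP ports used during a domain join.
# The thread does not list the ports that were actually opened.
$TcpPorts = @{
    53  = 'DNS'
    88  = 'Kerberos'
    135 = 'RPC endpoint mapper'
    389 = 'LDAP'
    445 = 'SMB'
    464 = 'Kerberos password change'
}

# TCP connect with a timeout, using .NET directly so it also runs on the
# PowerShell version that ships with Server 2008.
function Test-TcpPort {
    param([string]$Address, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($Address, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $true
    } catch {
        return $false
    } finally {
        $client.Close()
    }
}

# 1. The same SRV query the join wizard makes, sent straight to the DC.
#    A timeout here while ping works points at DNS being filtered on the path.
"--- SRV lookup via $DcIp ---"
nslookup -type=SRV "_ldap._tcp.dc._msdcs.$Domain" $DcIp

# 2. TCP reachability of each service across the tunnel.
"--- TCP reachability of $DcIp ---"
foreach ($port in ($TcpPorts.Keys | Sort-Object)) {
    $state = if (Test-TcpPort -Address $DcIp -Port $port) { 'open' } else { 'BLOCKED or closed' }
    "{0,-5} {1,-26} {2}" -f $port, $TcpPorts[$port], $state
}
```

A TCP connect test does not cover the UDP side of DNS, Kerberos and LDAP, or the dynamic RPC ports negotiated after port 135, so the firewall rules on the tunnel still need to be reviewed for those.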